|
The phpCAS library provides a simple API for authenticating users against a CAS server. phpCAS is configured using the static API methods such as
The examples below show a variety of ways to utilize the phpCAS library. All examples can be found in the distribution packes and can be downloaded from the Examples directory in source control A simple CAS clientphpCAS can be used the simplest way, as a CAS client Run-time behaviour configurationWhen setting up a CAS proxy client, some runtime behaviour can be easily configured. LanguageSetting the language for error pages or notifications HTML outputChanging the html style of error pages and notifications A CAS proxyphpCAS can also make a PHP script act as a cas proxy client. The phpcas client get a proxy ticket from the cas server and uses it to access external services in your name. (calling external services). The proxy client has support for cookies and can be used for sessions etc. A CAS proxy using serviceWeb()Example proxy serviceWeb source code A CAS proxied serviceAn example service (also CAS client) to be called from the example_proxy_serviceWeb. This example also uses the session for a simple counter. CAS proxies can be chainedA CAS proxy client can also be a proxied itself Example chained proxy source code The ProxiedService systemAs of phpCAS 1.2.2 new of ProxiedService classes are available that provide access to making proxy-authenticated requests via HTTP GET, HTTP POST, IMAP, and in the future SOAP, XML RPC, etc. CAS_ProxiedService_Http_GetThe HTTP GET Proxied Service is equivalent to serviceWeb(), but provides an exception-based API. CAS_ProxiedService_Http_PostThe HTTP POST Proxied Service allows clients to make proxy-authenticated POST requests. example_proxy_POST source code example_service_POST source code CAS_ProxiedService_ImapThe IMAP Proxied Service is equivalent to serviceMail(), but provides an exception-based API. Clients should use the following CAS_ProxiedService_Imap methods:
PGT storage configurationThe necessary storing of Proxy Granting Tickets PGT for proxy functionality can be configured Onto the filesystemexample file storage source code Advanced featuresOnly check authentication (gateway)The possibility of using the CAS gateway feature (see http://www.ja-sig.org/wiki/display/CAS/gateway) Handle logout requests from the CAS serverSupport for central logout (Single Sign Out) was added in release 1.0.0. By default phpCAS by default only handles requests that emanate from the CAS host exclusively (declared in phpCAS::client() or phpCAS::proxy()). Failure to restrict SAML logout requests to authorized hosts could allow denial of service attacks where at the least the server is tied up parsing bogus XML messages. To disable access control on logout requests, use: The hosts allowed to send logout requests can also be passed in an array which might be usefull in with clustered cas servers: example single sign out source code SAML Protocol with Attribute ReleaseAn advanced exmaple using the SAML protocol with attribute release and single logout. example advanced SAML source code Custom validation URLsThe following example shows how to configure a non-standard url for ticket validation. This feature is supported in phpcas since version 1.1.0RC2. The validation urls can be set for service, proxy and saml validation. |
